Privacy notice

This privacy notice tells you what to expect when the Financial Conduct Authority (FCA) collects information about individuals (which we will call ‘personal data’ in this privacy notice).

To help you understand how we use personal data across the FCA, in this privacy notice we explain some of the activities that we undertake and how we may use the personal data that we collect to carry out these activities. We also provide information about your rights and how to contact us if you have any questions.

You can use the links below to learn more about our use of personal data in different aspects of our work:

The Financial Services Register

The Financial Services Register is a public record that shows details of firms and individuals which are, or have been, regulated by us and/or the Prudential Regulation Authority. It also includes information about firms that were regulated by the Financial Services Authority (the predecessor organisation to the FCA) but ceased to be regulated before April 2013.

The majority of the information on the Register is about the firm’s business, such as what it does and how it can be contacted, but some personal data about the firm’s employees and former employees is also included (these are called Approved Persons). We are required by law to make this information publicly available and extracts of the Register can be purchased for a fee.

Data retention

Our retention policy sets out how long we hold all information, including any personal data used for each of the areas mentioned in this privacy notice.

Your rights

Under the DPA 2018 and the GDPR, you have rights as an individual which you can exercise in relation to the personal data we hold about you. For example, you can exercise your right to:

request access to, and deletion or correction of, information about you

object to the way in which we use information about you

request that your personal data be transferred to another organisation

complain to the Information Commissioner’s Office if you are unhappy about the way we use information about you

Individual rights request form

If you wish to find out what personal data, if any, we hold about you or if you wish to exercise any of your other privacy rights, you can contact our Information Disclosure Team. To enable us to process your request as quickly as possible, we will need you to provide us with some information about yourself. You may find it helpful to complete our individual rights request form.

If we hold information about you

If we do hold information about you we will:

give you a description of it

tell you why we are holding it

tell you who it could be or has been disclosed to

tell you how long we intend to keep the information

tell you where we obtained the information (if not from you directly)

tell you if any significant automated decisions (those made by a computer and with no human intervention) have been made about you by us

let you have a copy of the information in an intelligible form

If you notice any mistakes in the information that we hold about you, you can ask us to correct those mistakes. You can also ask us to stop holding or using information about you, which we will do unless we have genuine and lawful reasons for continuing to hold or use it.

As a public authority, and a regulator who exercises functions of a public nature or in the public interest, we are entitled to rely on certain exemptions set out in the DPA 2018 which may have an impact on any rights request that you may make to us. If this is the case, we will clearly explain what the exemption is, why it applies and what impact it may have on your rights request. Also, if we are processing personal data for a law enforcement purpose, we may withhold information from you if we believe that doing so is necessary to avoid prejudicing the detection and investigation of criminal offences.

Find out more about your privacy rights

If you are interested in learning more about your privacy rights, you can find more information on the ICO website.

How to contact us

This privacy notice covers all the main ways that we use the various types of personal data we may hold about you, to make sure that we are as transparent as possible and to avoid using your information in a way that would surprise you.

If you feel that we have missed anything that you would like to know, or you have any particular questions about our privacy policy, you can email us or write to: Information Disclosure Team, Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN. Alternatively, if you would like to speak to someone you can call our switchboard on 020 7066 1000 and ask for the Information Disclosure Team.

Our Data Protection Officer

As a public authority we are required to appoint a Data Protection Officer (DPO) who oversees our internal data protection compliance, informs and advises us on our data protection obligations, advises us on our data protection impact assessment process and acts as our contact point with the Information Commissioner. Our DPO is Andy Cobbett.

Glossary of terms used in this privacy notice

When we refer to personal data we mean any information about a living identifiable individual who can be directly or indirectly identified from that information.

Pseudonymise

The process of distinguishing individuals in a dataset by using a unique identifier which does not reveal their “real world” identity.

Special categories of data

The special categories of data are specifically listed in the GDPR. They include race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information about a person’s sex life or sexual orientation. You may also hear people refer to sensitive personal data to mean the same thing.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 24 May 2018.